using a chaotic function



(57) A cryptographic key 1 constituted to be freely attachable and detachable to/from a personal computer 2 encrypting and decrypting data by use of a cipher key includes: a pseudo random number generator 14 for generating a pseudo random number of a chaotic time series based on a data size of the data, a chaotic function and an initial value of the chaotic function; and a USB controller 12 for receiving the data size of the data from the personal computer 2 and transmitting the pseudo random number of the chaotic time series as the cipher key to the personal computer 2, the pseudo random number being generated in the pseudo random number generator 14, when the cryptographic key 1 is attached to the personal computer 2.
Description

BACKGROUND OF THE INVENTION 

[0001] The present invention relates to a cryptographic key having a pseudo random number generator for generating a pseudo random number of a chaotic time series, an encryption device for encrypting plaintext data by use of the pseudo random number of the chaotic time series from the cryptographic key, an encryption/decryption device for encrypting and decrypting the plaintext data, a cryptographic key management device for managing the cryptographic key, and a decryption device for decrypting cryptographic data.

[0002] In recent years, a universal serial bus (USB) has been used as an interface in which the same connector and cable are used coherently for a connection of a personal computer to relatively low-speed peripheral equipment such as a keyboard, a mouse, a speaker, a modem and a printer. In this USB, a data transfer rate between the personal computer and the peripheral equipment is, for example, 1.5 Mbps, which is relatively low-speed.

[0003] There has been known an encryption device for encrypting data by use of a personal computer and peripheral equipment, which are in conformity with the standard of the USB as described above. This encryption device is constituted of a key information unit in which key information is registered, and of a personal computer having a cryptographic algorithm, to which the key information unit is attached.

[0004] In the key information unit, there is a key information unit in which the key information is registered by a person at the time of purchase thereof, a key information unit in which the key information is registered at the time of shipment thereof from a factory, or the like. Upon being equipped with the key information unit, the personal computer has read out the key information from the key information unit, has created a cipher key from the key information by use of the cryptographic algorithm, and has encrypted plaintext data by use of this cipher key, thus creating cryptographic data.

SUMMARY OF THE INVENTION 

[0005] However, since the cryptographic algorithm is resident in the personal computer in the conventional encryption device, it is easy for a third party to decipher the cipher key created by the cryptographic algorithm. Therefore, the conventional encryption device has had a problem that plaintext data on a personal computer owned by a person is browsed easily by the third party.

[0006] Meanwhile, in the multiuser information and communication toward the next generation, a code division multiple access (CDMA) system will become a mainstream, which uses a spread spectrum communication system excellent in confidentiality and having high performance of removing an interference wave. In this spread spectrum communication system, a pseudo random number generator capable of generating a pseudo random number will become a key device. Here, an important matter on the industrial technology is to realize a pseudo random number generator capable of generating many types of binary sequences that can be reproduced artificially and regarded as pseudo random numbers.

[0007] For example, an action such as throwing a coin and shaking a dice is represented as a true random number and has no reproducibility, and thus cannot be used as an industrial technology. On the other hand, unless an unpredictable number sequence is used, a sufficient scramble or spread thereof cannot be realized.

[0008] Chaos has been known as one used to meet these two conditions. The chaos contains a wave of every frequency, and the chaos and the random number are very closely related to each other. Hence, it is possible to use a periodic time series of the chaos as the pseudo random number. Therefore, an encryption processing for encrypting data by use of a pseudo random number generator for generating a pseudo random number based on the chaotic time series has been desired.

[0009] An object of the present invention is to provide a cryptographic key capable of preventing the data on the personal computer owned by a person from being browsed by the third party easily by making the cryptographic algorithm difficult to be deciphered by the third party, the cryptographic algorithm using the pseudo random number generator for generating the pseudo random number of the chaotic time series.

[0010] Another object of the present invention is to provide an encryption device capable of creating cryptographic data having high confidentiality by carrying out the encryption by use of the pseudo random number obtained by the pseudo random number generator owned by the cryptographic key, and to provide an encryption/decryption device and a decryption device, which are capable of decrypting the cryptographic data easily.

[0011] Still another object of the present invention is to provide a cryptographic key management device capable of managing the cryptographic key.

[0012] A first aspect of the present invention is a cryptographic key constituted to be freely attachable and detachable to/from an external device encrypting and decrypting data by use of a cipher key, the cryptographic key comprising: a pseudo random number generator for generating a pseudo random number of a chaotic time series based on a data size of the data, a chaotic function and an initial value of the chaotic function; and a transmission/reception control unit for receiving the data size of the data from the external device and transmitting the pseudo random number of the chaotic time series as the cipher key to the external device, the pseudo random number being generated in the pseudo random number generator, when the cryptographic key is attached to the external device.

[0013] According to the first aspect of the present invention, the pseudo random number generator is provided in the cryptographic key as a separate body from the external device, and only when the encryption or the decryption is carried out, the cryptographic key is attached to the external device, and the pseudo random number of the chaotic time series is transmitted from the cryptographic key to the external device. Specifically, since the pseudo random number generator (cryptographic algorithm) is not made to reside in the external device but built in the body of the cryptographic key, it becomes difficult for the third party to decipher the pseudo random number of the chaotic time series as the cipher key. Thus, the data on the personal computer owned by a person can be prevented from being browsed by the third party.

[0014] A second aspect of the present invention is the cryptographic key according to the first aspect, characterized in that the pseudo random number generator includes: a chaos generation loop constituted by including a pair of one-dimensional map circuits for generating the chaotic function, each having non-linear input/output characteristics, a pair of CMOS switches for alternately performing opening and closing actions for paths on output sides of the respective one-dimensional map circuits in synchronization with an external clock, and a pair of feedback loops for feeding back analog outputs of the respective one-dimensional map circuits through the respective CMOS switches to input sides of the respective one-dimensional map circuits in a crossing manner; and a pair of AD converters for converting, into digital signals, the analog outputs of the respective one-dimensional map circuits, the analog outputs being taken out through the respective CMOS switches, and the respective one-dimensional map circuits iterate mapping alternately with the elapse of a discrete time defined by the external clock in the chaos generation loop to allow the pseudo random number generator to output binary sequences as chaotic time series through the respective AD converters.

[0015] According to the second aspect of the present invention, the respective one-dimensional map circuits iterate the mapping alternately with the elapse of the discrete time defined by the external clock in the chaos generation loop, thus allowing the pseudo random number generator to output binary sequences as chaotic time series through the respective AD converters. Both of the binary sequences taken out alternately are array data, each having a random number with "0" and "1" mixed randomly. The binary sequences arrayed in accordance with the integrated time series are obtained, thus making it possible to generate the pseudo random number of the chaotic time series. Moreover, the pair of one-dimensional circuits iterate the mapping alternately, and the analog outputs obtained by the mapping are fed back in the crossing manner. Therefore, divergence and convergence of the analog outputs woven by the pair of one-dimensional map circuits are combined with an initial value sensitivity particular to the chaos, thus breaking an occurrence balance of "0" and "1" of the obtained binary sequences finely. Such a swing phenomenon particular to the chaos can contribute to the improvement of robustness of a stream cipher using the chaos.

[0016] A third aspect of the present invention is the cryptographic key according to the second aspect, characterized in that the pseudo random number generator further includes: a DA converter for converting an initial value given in a digital signal mode into an analog signal; and a CMOS switch for performing opening and closing actions for a path on an output side of the DA converter in synchronization with the external clock.

[0017] According to the third aspect of the present invention, an applied voltage equivalent to a real number is given through the DA converter. A quantization resolution of the DA converter is being increased, and thus the types of initial values are being increased. Consequently, the types of time series which can be taken out can be increased. In the industrial technology of the chaos, the maintaining of the initial value sensitivity is an extremely important factor. The initial value sensitivity is given through the DA converter. Therefore, with regard to the pair of binary sequences with initial values different from each other as starting points, the both are not superposed on each other even if they are to be superposed while shifting phases thereof in any manner. Thus, it is made possible to obtain the time series in which both auto-correlations and a cross-correlation are sufficiently small.

[0018] A fourth aspect of the present invention is the cryptographic key according to the second aspect, characterized in that at least any one of the pair of one-dimensional map circuits is constituted to be capable of adjusting the input/output characteristics of its own in accordance with an external adjustment voltage.

[0019] According to the fourth aspect of the present invention, it is made possible to adjust the input/output characteristics owned by the one-dimensional map circuit from the outside. Consequently, the types of the chaotic time series that can be taken out can be further increased.

[0020] A fifth aspect of the present invention is an encryption device for encrypting plaintext data by use of a cipher key, the encryption device comprising: a cryptographic key having a pseudo random number generator for generating a pseudo random number of a chaotic time series based on a data size of the plaintext data, a chaotic function and an initial value of the chaotic function; and an external device for transmitting the data size of the plaintext data to the cryptographic key upon being equipped with the cryptographic key, and for encrypting the plaintext data by use of the pseudo random number of the chaotic time series as the cipher key, the pseudo random number being sent from the cryptographic key.

[0021] According to the fifth aspect of the present invention, when the cryptographic key is attached to the external device, the external device transmits the data size of the plaintext data to the cryptographic key, and encrypts the plaintext data by use of the pseudo random number of the chaotic time series as the cipher key, the pseudo random number being sent from the cryptographic key. Therefore, a similar effect to that of the first aspect is obtained, and cryptographic data having high confidentiality can be created.

[0022] A sixth aspect of the present invention is the encryption device according to the fifth aspect, characterized in that the external device executes an exclusive-OR operation for the pseudo random number obtained by the pseudo random number generator and the plaintext data to encrypt the plaintext data.

[0023] According to the sixth aspect of the present invention, the exclusive-OR operation for the pseudo random number obtained by the pseudo random number generator and the plaintext data is executed, thus making it possible to encrypt the plaintext data.

[0024] A seventh aspect of the present invention is the encryption device according to the fifth aspect, characterized in that the cryptographic key stores a first password in advance, and the external device collates a password inputted from an input unit and the first password stored in the cryptographic key, and permits an encryption processing when both of the passwords coincide with each other.

[0025] According to the seventh aspect of the present invention, the external device permits the encryption processing when the password inputted from the input unit and the first password stored in the cryptographic key coincide with each other. Therefore, the confidentiality can be enhanced.

[0026] An eighth aspect of the present invention is an encryption/decryption device for encrypting and decrypting plaintext data by use of a cipher key, the encryption/decryption device comprising: a first cryptographic key having a pseudo random number generator for generating a pseudo random number of a chaotic time series based on a data size of the plaintext data, a chaotic function and an initial value of the chaotic function; a second cryptographic key having a same constitution as the first cryptographic key; a first external device for transmitting the data size of the plaintext data to the first cryptographic key upon being equipped with the first cryptographic key, and for encrypting the plaintext data by use of the pseudo random number of the chaotic time series from the first cryptographic key as the cipher key to create cryptographic data; and a second external device for receiving the cryptographic data from the first external device, for transmitting a data size of the cryptographic data to the second cryptographic key upon being equipped with the second cryptographic key, and for decrypting the cryptographic data by use of the pseudo random number of the chaotic time series from the second cryptographic key as the cipher key.

[0027] According to the eighth aspect of the present invention, the first external device transmits the data size of the plaintext data to the first cryptographic key upon being equipped with the first cryptographic key, and encrypts the plaintext data by use of the pseudo random number of the chaotic time series from the first cryptographic key to create the cryptographic data. The second external device receives the cryptographic data from the first external device, and transmits the data size of the cryptographic data to the second cryptographic key upon being equipped with the second cryptographic key, then decrypts the cryptographic data by use of the pseudo random number of the chaotic time series from the second cryptographic key. Therefore, the plaintext data on the transmission side can be obtained on the reception side.

[0028] A ninth aspect of the present invention is the encryption/decryption device according to the eighth aspect, characterized in that the first external device executes an exclusive-OR operation for the pseudo random number obtained by the pseudo random number generator in the first cryptographic key and the plaintext data to encrypt the plaintext data, and the second external device executes an exclusive-OR operation for the pseudo random number obtained by the pseudo random number generator in the second cryptographic key and the cryptographic data to decrypt the cryptographic data.

[0029] According to the ninth aspect of the present invention, the first external device executes the exclusive-OR operation for the pseudo random number obtained by the pseudo random number generator in the first cryptographic key and the plaintext data to encrypt the plaintext data. Moreover, the second external device executes the exclusive-OR operation for the pseudo random number obtained by the pseudo random number generator in the second cryptographic key and the cryptographic data to decrypt the cryptographic data. Therefore, the plaintext data on the transmission side can be obtained on the reception side.
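
The exclusive-OR scheme of the sixth and ninth aspects, modelled in software as an added example that is not part of the patent. It assumes the logistic map x -> 4x(1-x) as the chaotic function (Fig. 2 names only "logistic map chaos"), one key-stream bit per iteration by thresholding at 0.5, and hypothetical names (`ChaoticKey`, `cipher_key`, `encrypt`, `decrypt`); the initial values and sample data are constructed.

```python
"""Software model of the key / external device split (added example, not from the patent).

Assumptions: logistic map x -> 4x(1-x) as the chaotic function, one bit per
iteration by thresholding at 0.5, and all class and function names.
"""


class ChaoticKey:
    """Stands in for the detachable key: holds the initial value, returns a key stream."""

    def __init__(self, initial_value: float):
        # 0.25 -> 0.75 -> 0.75 and 0.5 -> 1 -> 0 are degenerate orbits of this map.
        if not 0.0 < initial_value < 1.0 or initial_value in (0.25, 0.5, 0.75):
            raise ValueError("initial value must lie in (0, 1) and avoid fixed orbits")
        self._x0 = initial_value

    def cipher_key(self, data_size: int) -> bytes:
        """Return data_size bytes of key stream, as the key does on receiving the size."""
        x = self._x0
        out = bytearray()
        for _ in range(data_size):
            byte = 0
            for _ in range(8):
                x = 4.0 * x * (1.0 - x)          # one iteration of the map
                byte = (byte << 1) | (x >= 0.5)  # 1-bit quantisation of the output
            out.append(byte)
        return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(p ^ k for p, k in zip(a, b))


def encrypt(key: ChaoticKey, plaintext: bytes) -> bytes:
    """External device: send the data size to the key, XOR the data with the reply."""
    return xor_bytes(plaintext, key.cipher_key(len(plaintext)))


def decrypt(key: ChaoticKey, ciphertext: bytes) -> bytes:
    """Same operation with the second key; XOR with an equal stream undoes itself."""
    return xor_bytes(ciphertext, key.cipher_key(len(ciphertext)))


def differing_bit_fraction(a: bytes, b: bytes) -> float:
    diff = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return diff / (8 * len(a))


def demo_xor() -> dict:
    sender_key = ChaoticKey(0.3)        # constructed initial value
    receiver_key = ChaoticKey(0.3)      # second key of the "same constitution"
    other_key = ChaoticKey(0.3000001)   # initial value off by 1e-7

    p1 = b"quarterly report: draft 3, internal"              # constructed sample data
    p2 = b"meeting moved to 14:00, room 2B".ljust(len(p1))   # padded to the same size
    c1 = encrypt(sender_key, p1)
    c2 = encrypt(sender_key, p2)

    return {
        "round_trip": decrypt(receiver_key, c1) == p1,
        "wrong_initial_value": decrypt(other_key, c1) == p1,
        # Initial value sensitivity: the two streams disagree on about half their bits.
        "stream_divergence": differing_bit_fraction(
            sender_key.cipher_key(256), other_key.cipher_key(256)),
        # Two items under one initial value share the stream, so the XOR of the
        # ciphertexts equals the XOR of the plaintexts.
        "shared_stream": xor_bytes(c1, c2) == xor_bytes(p1, p2),
    }


if __name__ == "__main__":
    for name, value in demo_xor().items():
        print(name, value)
```

In this model the stream is a pure function of the initial value and the data size, so every item encrypted under one initial value is XORed with a prefix of the same stream, which is what `shared_stream` shows.
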
[0030] A tenth aspect of the present invention is the encryption/decryption device according to the eighth aspect, characterized in that the first cryptographic key stores a first password in advance, the second cryptographic key stores a second password in advance, the first external device collates a password inputted from a first input unit and the first password stored in the first cryptographic key, and permits an encryption processing when both of the passwords coincide with each other, and the second external device collates a password inputted from a second input unit and the second password stored in the second cryptographic key, and permits a decryption processing when both of the passwords coincide with each other.

[0031] According to the tenth aspect of the present invention, the encryption processing is permitted on the transmission side when both of the passwords coincide with each other, and the decryption processing is permitted on the reception side when both of the passwords coincide with each other. Therefore, the confidentiality can be enhanced on each of the transmission and reception sides.

[0032] An eleventh aspect of the present invention is a cryptographic key management device for managing a cryptographic key constituted to be freely attachable and detachable to/from an external device, characterized in that the cryptographic key includes: a pseudo random number generator for generating a pseudo random number of a chaotic time series based on a data size of data, a chaotic function and an initial value of the chaotic function; a transmission/reception control unit for receiving the data size of the data from the external device and transmitting the pseudo random number of the chaotic time series as the cipher key to the external device, the pseudo random number being generated in the pseudo random number generator, when the cryptographic key is attached to the external device; and a memory having a program area for storing a program, an update password for indicating permission and refusal of update of the program of the program area, and a program update area for storing the update program, the external device includes: a password deletion unit for sending out a delete command to the cryptographic key to delete the update password therefrom when updating the program of the program area in the memory; and a transmission unit for transmitting the update program in a unit of a predetermined length to the cryptographic key after deleting the update password, and the cryptographic key turns into an update mode by the deletion of the update password, and stores the update program from the external device in the unit of the predetermined length in the program update area, then transports the update program in the unit of the predetermined length to the program area, the update program being stored in the program update area.

[0033] According to the eleventh aspect of the present invention, the external device sends out the delete command to the cryptographic key to delete the update password therefrom when updating the program of the program area in the memory. Then, the external device transmits the update program in the unit of the predetermined length to the cryptographic key after deleting the update password. Meanwhile, the cryptographic key turns into the update mode by the deletion of the update password, and stores the update program from the external device in the unit of the predetermined length in the program update area. Then, the cryptographic key transports the update program in the unit of the predetermined length to the program area, the update program being stored in the program update area. Therefore, the program in the memory of the cryptographic key can be rewritten from the external device easily, and the rewrite of the application program is determined depending on whether or not the update password exists. Therefore, only a specific person can rewrite the application program.

[0034] A twelfth aspect of the present invention is the cryptographic key management device according to the eleventh aspect, characterized in that the transmission unit of the external device transmits the update program and the update password to the cryptographic key, and the cryptographic key stores the update password in the memory when storing the update program in the program update area.

[0035] According to the twelfth aspect of the present invention, the cryptographic key can store the update password from the external device in the memory when storing the update program from the external device in the program update area.

[0036] A thirteenth aspect of the present invention is the cryptographic key management device according to the twelfth aspect, characterized in that the cryptographic key activates the program of the program area when the update password is stored in the memory when a power source is turned on.

[0037] According to the thirteenth aspect of the present invention, the cryptographic key can activate the program of the program area when the update password is stored in the memory when the power source is turned on, thus making it possible to carry out a usual processing.
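
The update sequence of the eleventh to thirteenth aspects as a small state machine, added here as an example and not taken from the patent. The names (`KeyMemory`, `push_update`), the 16-byte unit and the choice to send the update password with the last unit are assumptions; the program images are constructed.

```python
"""Software model of the program update in the eleventh to thirteenth aspects.

Added example, not from the patent. Assumptions: all names, the 16-byte unit
length, and that the update password is sent together with the final unit.
"""
from typing import Optional

UNIT = 16  # the "predetermined length"; the value is an assumption


class KeyMemory:
    """Memory of the cryptographic key: program area, update password, update area."""

    def __init__(self, program: bytes, update_password: bytes):
        self.program_area = bytearray(program)
        self.update_password: Optional[bytes] = update_password
        self.program_update_area = b""
        self._offset = 0

    def power_on(self) -> str:
        """Thirteenth aspect: the program runs only if the update password is stored."""
        return "application" if self.update_password is not None else "update"

    def delete_password(self) -> None:
        """Delete command from the external device: the key turns into update mode."""
        self.update_password = None
        self._offset = 0

    def receive_unit(self, unit: bytes, password: Optional[bytes] = None) -> None:
        if self.update_password is not None:
            raise PermissionError("update refused while the update password is stored")
        if not 0 < len(unit) <= UNIT:
            raise ValueError("unit length out of range")
        self.program_update_area = unit                  # staged in the update area
        end = self._offset + len(unit)
        self.program_area[self._offset:end] = self.program_update_area  # transported
        self._offset = end
        if password is not None:                         # twelfth aspect
            del self.program_area[end:]                  # drop the tail of a longer old image
            self.update_password = password


def push_update(key: KeyMemory, new_program: bytes, password: bytes,
                unplug_after: Optional[int] = None) -> None:
    """External device: delete the password, then send the program unit by unit."""
    key.delete_password()
    units = [new_program[i:i + UNIT] for i in range(0, len(new_program), UNIT)]
    for n, unit in enumerate(units):
        if unplug_after is not None and n == unplug_after:
            return                                       # constructed fault: key detached
        last = n == len(units) - 1
        key.receive_unit(unit, password if last else None)


def demo_update() -> dict:
    old, new = b"OLD-PROGRAM" * 4, b"NEW-PROGRAM-v2" * 4  # constructed program images
    key = KeyMemory(old, b"pw")

    try:                                  # no delete command sent: the unit is refused
        key.receive_unit(new[:UNIT])
        refused = False
    except PermissionError:
        refused = True

    push_update(key, new, b"pw", unplug_after=2)          # detached after two units
    interrupted = (key.power_on(), bytes(key.program_area) == new)

    push_update(key, new, b"pw2")                         # complete update
    completed = (key.power_on(), bytes(key.program_area) == new)
    return {"refused": refused, "interrupted": interrupted, "completed": completed}


if __name__ == "__main__":
    print(demo_update())
```

Under these assumptions the stored password doubles as a completion marker: a key detached mid-update powers on in update mode instead of running a half-written program.
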

[0038] A fourteenth aspect of the present invention is a cryptographic key management device for managing a cryptographic key constituted to be freely attachable and detachable to/from an external device, characterized in that the external device includes: an initial value table storing a cryptographic key number and an initial value of a chaotic function for each cryptographic key, the cryptographic key number and the initial value being made to correspond to each other; and a transmission unit for reading out the initial value corresponding to the cryptographic key number from the initial value table to transmit the initial value to the cryptographic key when the cryptographic key is attached to the external device, and the cryptographic key includes: a memory for storing the initial value from the external device; and a pseudo random number generator for generating a pseudo random number of a chaotic time series based on the initial value stored in the memory, a data size of data and the chaotic function.

[0039] According to the fourteenth aspect of the present invention, the external device reads out the initial value corresponding to the cryptographic key number from the initial value table and transmits the initial value to the cryptographic key upon being equipped with the cryptographic key. The cryptographic key stores the initial value from the external device in the memory, and generates the pseudo random number of the chaotic time series based on the initial value stored in the memory, the data size of the data and the chaotic function. Hence, from the external device, the initial value corresponding to the cryptographic key can be registered in the memory in the cryptographic key for each cryptographic key.

[0040] A fifteenth aspect of the present invention is the cryptographic key management device according to the fourteenth aspect, characterized in that the external device includes: an input unit for receiving the cryptographic key number and the initial value for each cryptographic key; and a storage control unit for allowing the initial value table to store the cryptographic key number and the initial value for each cryptographic key, the cryptographic key number and the initial value being inputted from the input unit.

[0041] According to the fifteenth aspect of the present invention, when the input unit inputs the cryptographic key number and the initial value for each cryptographic key, the storage control unit allows the initial value table to store the cryptographic key number and the initial value for each cryptographic key, which are inputted from the input unit. Therefore, the initial value can be managed for each cryptographic key by the created initial value table.

[0042] A sixteenth aspect of the present invention is a decryption device for decrypting cryptographic data by use of a cryptographic key constituted to be freely attachable and detachable to/from an external device, characterized in that the external device includes: a cryptographic file storing the cryptographic data and a group password inherent in a plurality of users capable of using the cryptographic data; a transmission unit for transmitting the group password and a data size of the cryptographic data to the cryptographic key when an inputted password coincides with the group password stored in the cryptographic file; and a decryption unit for decrypting the cryptographic data in the cryptographic file by use of a cipher key from the cryptographic key, and the cryptographic key includes: a pseudo random number generator for generating a pseudo random number of a chaotic time series based on the data size of the cryptographic data from the external device, a chaotic function and the group password as an initial value of the chaotic function; and a transmission/reception control unit for receiving the group password and the data size of the cryptographic data from the external device, and for transmitting the pseudo random number of the chaotic time series as the cipher key to the external device, the pseudo random number being generated in the pseudo random number generator.

[0043] According to the sixteenth aspect of the present invention, the external device transmits the group password and the data size of the cryptographic data to the cryptographic key when the inputted password coincides with the group password stored in the cryptographic file. Meanwhile, the cryptographic key generates the pseudo random number of the chaotic time series based on the data size of the cryptographic data from the external device, the chaotic function and the group password as the initial value of the chaotic function. Then, the cryptographic key transmits the generated pseudo random number of the chaotic time series as the cipher key to the external device. The external device decrypts the cryptographic data in the cryptographic file by use of the cipher key from the cryptographic key. Specifically, the group password is defined as the initial value, thus making it possible to share the cryptographic file in the group composed of the plurality of users.

[0044] A seventeenth aspect of the present invention is the decryption device according to the sixteenth aspect, characterized in that the external device further includes: a determination unit for determining whether or not group mode information for indicating that the plurality of users can use the cryptographic data is in the cryptographic file; and a request unit for requesting input of the password when the group mode information is in the cryptographic file.

[0045] According to the seventeenth aspect of the present invention, the external device determines whether or not the group mode information is in the cryptographic file. When the group mode information is in the cryptographic file, the external device requests input of the password. Therefore, only when there is the group mode information and the inputted password coincides with the group password stored in the cryptographic file, the cryptographic file can be shared in the group composed of the plurality of users.



BRIEF DESCRIPTION OF THE DRAWINGS

[0046]

Fig. 1 is a block diagram showing a constitution of an encryption device of a first embodiment according to the present invention.
Fig. 2 is a diagram showing a time series waveform of logistic map chaos.
Fig. 3 is a diagram explaining a concrete example of encryption using a pseudo random number as a cipher key.
Fig. 4 is a sequence diagram explaining an encryption processing on a transmission side.
Fig. 5 is a block diagram showing a constitution of an encryption/decryption device of a second embodiment according to the present invention.
Fig. 6 is a diagram explaining a concrete example of encryption and decryption, which use the pseudo random number as the cipher key.
Fig. 7 is a sequence diagram explaining a decryption processing on a reception side.
Fig. 8 is a sequence diagram showing in detail a communication processing between a USB key and a personal computer.
Fig. 9 is a block diagram schematically showing a constitution of a pseudo random number generator.
Fig. 10 is a diagram showing a circuit obtained by integrating the pseudo random number generator.
Fig. 11 is a block diagram showing a constitution of a cryptographic key management device of a third embodiment according to the present invention.
Fig. 12 is a diagram showing a principal constitution of a personal computer of the cryptographic key management device of the third embodiment and a memory region constitution of a memory in a USB key thereof.
Fig. 13 is a diagram showing a sequence for rewriting a program of the memory in the USB key from the personal computer of the cryptographic key management device of the third embodiment.
Fig. 14 is a flowchart showing activation of an application program or an update program of the memory in the USB key of the cryptographic key management device of the third embodiment.
Fig. 15 is a block diagram showing a constitution of a cryptographic key management device of a fourth embodiment according to the present invention.
Fig. 16 is a diagram showing a constitution of an initial value table in a personal computer of the cryptographic key management device of the fourth embodiment according to the present invention.
Fig. 17 is a flowchart showing a preparation processing of the initial value table by the personal computer of the cryptographic key management device of the fourth embodiment according to the present invention.
Fig. 18 is a flowchart showing a registration processing of an initial value to a memory of a USB key from the personal computer of the cryptographic key management device of the fourth embodiment according to the present invention.
Fig. 19 is a block diagram showing a constitution of a decryption device of a fifth embodiment according to the present invention.
Fig. 20 is a diagram showing a constitution of a cryptographic file in a personal computer of the decryption device of the fifth embodiment according to the present invention.
Fig. 21 is a flowchart showing a decryption processing in the decryption device of the fifth embodiment according to the present invention.

DETAILED DESCRIPTION OF THE PREFERRED 
EMBODIMENTS 

[0047] Description will be made below in detail with 
reference to the drawings for embodiments of an en- 
cryption device and an encryption/decryption device, 
each including a cryptographic key according to the 
present invention. 

(First Embodiment) 

[0048] Fig. 1 is a block diagram showing a constitution of an encryption device of a first embodiment according to the present invention. The encryption device shown in Fig. 1 is constituted by having a personal computer 2 (corresponding to an external device of the present invention) for encrypting plaintext data by use of a cipher key and having a USB key 1 (corresponding to a cryptographic key of the present invention) which is constituted to be freely attachable and detachable to/from the personal computer 2 and adapted to the USB standard. Note that the external device may be a mobile terminal such as a cellular phone instead of the personal computer.

[0049] The USB key 1 is portable and owned by a person, and a key's protrusion 10 is formed on the USB key 1. This key's protrusion 10 is inserted into a computer's groove 20 formed on the personal computer 2, and thus the USB key 1 and the personal computer 2 are electrically connected to each other, and data communication can be mutually carried out therebetween.

[0050] The USB key 1 is constituted by having an input/output unit 11 for administering input/output of data with the personal computer 2, a USB controller 12, a memory 13, and a pseudo random number generator 14.

[0051] The pseudo random number generator 14 generates a pseudo random number of a chaotic time series waveform based on a data size of plaintext data, a chaotic function and an initial value of this chaotic function. Description will be made for the pseudo random number based on the chaotic time-series waveform. It is generally known that the chaotic time series waveform behaves irregularly. Therefore, the pseudo random number generator 14 generates the pseudo random number by use of the chaotic time series waveform.
[0052] As one of typical models of creating the chaotic time series waveform, there is a logistic map. A formula of this logistic map is represented as a recurrence formula shown in a formula (1).

x(t+1) = 4x(t){1-x(t)}

x(t) = x(t+1)    (1)

where t is a discrete time, and x(t) corresponds to the above-mentioned chaotic function. When an initial value x(0) is given to the formula (1) and the discrete time (t) is changed from 0 to, for example, 100 for each fixed time Δt (discretely), a chaotic time series waveform based on the logistic map, which is as shown in Fig. 2, is obtained. In Fig. 2, values of x(t) for each fixed time Δt are plotted.

[0053] This logistic map is a time series waveform where the values iterate increase/reduction, and a state of the time series waveform is greatly changed by a slight change of the initial value x(0). Specifically the formula of the logistic map depends on the initial value x(0) sensitively. This is referred to as an initial value sensitivity. Therefore, plural types of pseudo random numbers of the chaotic time series waveforms can be generated by changing the initial value x(0), thus making it possible to fabricate plural types of USB keys 1.

[0054] Furthermore, because of non-linear characteristics of the formula of the logistic map, x(t) does not take the same value twice and has irreversibility. Therefore, since the value of x(t) cannot be predicted by a simple inverse calculation, confidentiality thereof can be enhanced.

[0055] Note that description will be made later in detail for a concrete circuit configuration of the pseudo random number generator.

[0056] The memory 13 stores the initial value of the chaotic function and a password of a person owning the key. The USB controller 12 (corresponding to a transmission/reception control unit of the present invention) controls the respective units. When the USB key 1 is attached to the personal computer 2, the USB controller 12 receives a data size of plaintext data from the personal computer 2 and transmits the pseudo random number of the chaotic time series generated in the pseudo random number generator 14 as the cipher key to the personal computer 2.

[0057] Here, the one actually used as the cryptographic key is a pseudo random number having a size corresponding to the above-described data size among the pseudo random numbers of the above-described chaotic time series. The case where the pseudo random number of the chaotic time series is used as the cryptographic key in the following description also implies the above matter.

[0058] The personal computer 2 transmits the data size of the plaintext data to the USB key 1 when the USB key 1 is attached thereto, and encrypts the plaintext data by use of the pseudo random number of the chaotic time series, which is sent from the USB key 1, as the cipher key. The personal computer 2 is constituted by having an input/output unit 21 for administering input/output of data with the USB key 1, a controller 22, a memory 23 for storing the personal password, various data and the like, which are inputted from an input unit 3, an exclusive-OR circuit (hereinafter, abbreviated as XOR) 24, and a transmission unit 25. The input unit 3 for inputting the plaintext data, other various data and the like to the personal computer 2 and a display unit 4 for displaying the data on a screen are connected to the personal computer 2.

[0059] When the USB key 1 is attached to the personal computer 2, the controller 22 receives an attachment signal from the USB key 1, transmits the number of bytes of the plaintext data (the number corresponding to the data size of the present invention) to the USB key 1, and receives, from the USB key 1, the pseudo random number of the chaotic time series, which is obtained by the pseudo random number generator 14. Moreover, the controller 22 collates the password inputted from the input unit 3 and the password stored in the USB key 1, and permits the encryption processing when both of the passwords coincide with each other. The XOR 24 executes an exclusive-OR operation for the pseudo random number of the chaotic time series from the controller 22 and the plaintext data, and thus encrypts the plaintext data. Then, the XOR 24 outputs the obtained cryptographic data to the transmission unit 25.



[0060] Next, description will be made in detail for an action of the encryption device including the cryptographic key constituted as described above with reference to Fig. 1 to Fig. 4. Fig. 3 is a diagram explaining a concrete example of the encryption using the pseudo random number as the cipher key. Fig. 4 is a sequence diagram explaining an encryption processing on a transmission side.

[0061] First, the USB key 1 is attached to the personal computer 2 (Step S1), and the personal computer 2 is activated (Step S2). Then, a password of a user is inputted to the personal computer 2 from the input unit 3 (Step S3). Next, the personal computer 2 makes a request for a password to the USB key 1 (d1). In the USB key 1, in response to the request for the password, the USB controller 12 reads out the password from the memory 13 and transmits this password to the personal computer 2 (d2).

[0062] Next, the controller 22 in the personal computer 2 determines whether the password inputted from the input unit 3 has coincided with the password stored in the USB key 1 (Step S5). When both of the passwords do not coincide with each other, the encryption processing is not carried out. When both of the passwords coincide with each other, the encryption processing is permitted, and the number of bytes of the plaintext data is transmitted to the USB key 1 (d3).

[0063] In the USB key 1, the pseudo random number generator 14 generates the pseudo random number of the chaotic time series based on the number of bytes of the received plaintext data, the chaotic function and the initial value of this chaotic function (Step S7). Then, the USB controller 12 transmits the pseudo random number of the chaotic time series, which is obtained by the pseudo random number generator 14 and has a size corresponding to this data size, to the personal computer 2 (d4).

[0064] In the personal computer 2, the XOR 24 executes the exclusive-OR operation for the pseudo random number from the controller 22 and the plaintext data, and thus carries out the encryption for the plaintext data. Then, the XOR 24 outputs the obtained cryptographic data to the transmission unit 25 (Step S8). For example, as shown in Fig. 3, the plaintext data is defined as "011001," the random number as the cipher key is defined as "100100," and an XOR of the both is taken. Then, "111101" is obtained as cryptographic data. The transmission unit 25 transmits the cryptographic data from the XOR 24 to the outside. Moreover, the cryptographic data is stored in the memory 23.

[0065] As described above, according to the encryption device of the first embodiment, the pseudo random number generator 14 is provided in the USB key 1 as a separate body from the personal computer 2, and only when the encryption is carried out, the USB key 1 is attached to the personal computer 2, and the pseudo random number of the chaotic time series is transmitted from the USB key 1 to the personal computer 2. Specifically, since the pseudo random number generator 14 (cryptographic algorithm) is not provided in the personal computer 2 but built in the body of the USB key, it becomes difficult for the third party to decipher the pseudo random number of the chaotic time series as the cipher key. Thus, the data on the personal computer owned by a person can be prevented from being browsed by the third party.

[0066] Moreover, files of various formats such as a document and an image can be encrypted only by inserting the USB key 1 into the personal computer 2 at the time of use thereof. Furthermore, if a destination also possesses such a USB key 1, then a confidential cryptographic mail by the cryptographic data can be transmitted to the destination.

[0067] Moreover, since the pseudo random number 
generator 14 is not provided in the personal computer 
2, a processing load of the personal computer 2 can be 
reduced. 

[0068] Furthermore, since the encryption processing 
cannot be carried out if the password on the USB key 1 
side and the password on the personal computer 2 side 
do not coincide with each other, the confidentiality there- 
of can be further improved. 

[0069] Moreover, since the plural types of pseudo ran- 
dom numbers of the chaotic time series can be gener- 
ated by changing the initial value x(0), plural types of 
the USB keys 1 can be fabricated, thus making it pos- 
sible to use the keys in plural groups. 
[0070] Moreover, since the pseudo random number 
of the chaotic time series can be generated at a high 
speed, the mode of this embodiment has an encryption 
processing speed which is approximately 80 times that 
of a data encryption standard (DES) mode as a conven- 
tional general encryption mode. 

(Second Embodiment) 

[0071] Next, description will be made in detail for an 
encryption/decryption device of a second embodiment 
according to the present invention. This encryption/de- 
cryption device is characterized in that it encrypts plain- 
text data on a transmission side and transmits the data 
to a reception side, then decrypts the cryptographic data 
received by the reception side, thus obtaining the origi- 
nal plaintext data. 

[0072] Fig. 5 is a block diagram showing a constitution of the encryption/decryption device of the second embodiment according to the present invention. As shown in Fig. 5, the encryption/decryption device is constituted by having a personal computer 2a of the transmission side, a USB key 1a attached to this personal computer 2a, a personal computer 2b of the reception side, a USB key 1b attached to this personal computer 2b, and the Internet 5 for carrying out mutual data communication between both of the personal computers 2a and 2b.

[0073] The USB key 1a of the transmission side has the same constitution and function as those of the USB key 1 shown in Fig. 1, is constituted to be freely attachable and detachable to/from the personal computer 2a, and is constituted by having an input/output unit 11a, a USB controller 12a, a memory 13a and a pseudo random number generator 14a. The personal computer 2a of the transmission side has the same constitution and function as those of the personal computer 2 shown in Fig. 1, and is constituted by having an input/output unit 21a, a controller 22a, a memory 23a, an XOR 24a and a transmission unit 25a. An input unit 3a and a display unit 4a are connected to the personal computer 2a.

[0074] The USB key 1b of the reception side has the same constitution and function as those of the USB key 1a, is constituted to be freely attachable and detachable to/from the personal computer 2b, and is constituted by having an input/output unit 11b, a USB controller 12b, a memory 13b and a pseudo random number generator 14b. The memory 13b stores a password of a person owning a key and an initial value equal to an initial value x(0) of a chaotic function x(t) generated in the pseudo random number generator 14a of the transmission side. The USB controller 12b controls the respective units. When the USB key 1b is attached to the personal computer 2b, the USB controller 12b receives a data size of the cryptographic data from the personal computer 2b, and transmits the pseudo random number of the chaotic time series generated in the pseudo random number generator 14b as a cipher key to the personal computer 2.

[0075] The personal computer 2b of the reception side has approximately the same constitution and the same function as those of the personal computer 2a. Upon being equipped with the USB key 1b, the personal computer 2b transmits the data size of the cryptographic data to the USB key 1b, and decrypts the cryptographic data by use of the pseudo random number of the chaotic time series, which is sent from the USB key 1b, as the cipher key. The personal computer 2b is constituted by having an input/output unit 21b, a controller 22b, a memory 23b, an XOR 24b and a reception unit 25b. An input unit 3b and a display unit 4b are connected to the personal computer 2b.

[0076] The reception unit 25b receives the cryptographic data from the transmission side through the Internet 5, and transmits the received cryptographic data to the controller 22b and the XOR 24b. Upon being equipped with the USB key 1b, the controller 22b receives an attachment signal from the USB key 1b, transmits the number of bytes of the cryptographic data to the USB key 1b, and receives the pseudo random number of the chaotic time series, which is obtained by the pseudo random number generator 14b, from the USB key 1b. Moreover, the controller 22b collates the password inputted from the input unit 3b and the password stored in the USB key 1b, and permits the encryption processing when both of the passwords coincide with each other. The XOR 24b executes an exclusive-OR operation for the pseudo random number of the chaotic time series from the controller 22b and the cryptographic data, and thus carries out the decryption for the cryptographic data. Then, the XOR 24b obtains plaintext data as the decrypted data.
[0077] Next, description will be made for an action of 
the encryption/decryption device constituted as de- 
scribed above. Fig. 6 is a diagram explaining a concrete 
example of the encryption and decryption, which use the 
pseudo random number as the cipher key. Fig. 7 is a 
sequence diagram explaining a decryption processing 
on the reception side. 

[0078] Note that the encryption processing by the personal computer 2a and the USB key 1a on the transmission side is the same as the processing in the sequence diagram shown in Fig. 4. Therefore, here, description thereof will be omitted, and description will be made only for a decryption processing by the personal computer 2b and the USB key 1b on the reception side.
[0079] First, the cryptographic data is transmitted to 
the personal computer 2b of the reception side through 
the Internet 5. 

[0080] Meanwhile, on the reception side, the USB key 1b is attached to the personal computer 2b (Step S11), and the personal computer 2b is activated (Step S12). Then, a password of a user is inputted from the input unit 3b to the personal computer 2b (Step S13).
[0081] Next, the personal computer 2b makes a re- 
quest for a password to the USB key 1b (d11). In the 
USB key 1b, in response to the request for the pass- 
word, the USB controller 12b reads out the password 
from the memory 13b, and transmits this password to 
the personal computer 2b (d12). 

[0082] Next, the controller 22b in the personal com- 
puter 2b determines whether the password inputted 
from the input unit 3b has coincided with the password 
stored in the USB key 1b (Step S15). When both of the 
passwords do not coincide with each other, the decryp- 
tion processing is not carried out. When both of the 
passwords coincide with each other, the decryption 
processing is permitted, and the number of bytes of the 
cryptographic data is transmitted to the USB key 1b 
(d13). 

[0083] In the USB key 1b, the pseudo random number generator 14b generates the pseudo random number of the chaotic time series based on the number of bytes of the received cryptographic data, the chaotic function and the initial value of this chaotic function (Step S17). Then, the USB controller 12b transmits the pseudo random number obtained by the pseudo random number generator 14b to the personal computer 2b (d14).

[0084] In the personal computer 2b, the XOR 24b executes the exclusive-OR operation for the pseudo random number from the controller 22b and the cryptographic data, and thus carries out the decryption for the cryptographic data. Then, the XOR 24b obtains the plaintext data as the decrypted data (Step S18). For example, as shown in Fig. 6, the cryptographic data is defined as "111101," the random number as the cipher key is defined as "100100," and an XOR of the both is taken. Then, "011001" is obtained as decrypted data, which becomes equal to the plaintext data.

[0085] As described above, according to the encryption/decryption device of the second embodiment, since the USB key 1a and the personal computer 2a constitute the encryption device, a similar effect to that of the encryption device of the first embodiment is obtained.

[0086] Moreover, the pseudo random number generator 14b is provided in the USB key 1b as a separate body from the personal computer 2b, and only when the decryption is carried out, the USB key 1b is attached to the personal computer 2b, and the pseudo random number is transmitted from the USB key 1b to the personal computer 2b. Specifically, since the pseudo random number generator 14b is not made to reside in the personal computer 2b but built in the body of the USB key, it becomes difficult for the third party to decipher the pseudo random number of the chaotic time series as the cipher key. Moreover, since a file composed of the data cannot be browsed without the USB key 1b, confidentiality thereof can be enhanced.

[0087] In this case, the same initial value x(0) is given to the pseudo random number generator 14a of the transmission side for the encryption and the pseudo random number generator 14b of the reception side for the decryption, respectively. Therefore, the pseudo random number for the encryption and the pseudo random number for the decryption are maintained to be the same. Moreover, the cryptographic data can be decrypted while being synchronized between the transmission and reception sides by utilizing characteristics of the exclusive-OR operation. The characteristics of the exclusive-OR operation are as follows. First, cryptographic data is obtained by taking an exclusive-OR of certain plaintext data and a certain pseudo random number. Then, when another exclusive-OR of the above cryptographic data and the same pseudo random number is taken, the cryptographic data return to the original plaintext data. In such a manner as described above, necessary plaintext data can be communicated accurately to a destination.
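The key generation of [0051] to [0057] and the XOR steps of [0064], [0084] and [0087], worked through in software as an added example (not code from the patent). The double-precision arithmetic, the 0.5 comparison that stands in for the 1-bit AD converter, and all sample values are assumptions; the example also goes one step beyond the text by showing what follows when two files are encrypted with the same x(0).

```python
# Added example: software model of the first and second embodiments.
# Assumptions (not from the patent): IEEE-754 doubles replace the analog map
# circuit, and each iteration yields one bit by comparing x(t) with 0.5,
# standing in for the 1-bit AD converter and its reference voltage.

DEGENERATE = (0.25, 0.5, 0.75)  # these land on the fixed points 0 or 0.75


def logistic_keystream(x0: float, n_bytes: int) -> bytes:
    """Return n_bytes of key from formula (1): x(t+1) = 4 x(t) {1 - x(t)}."""
    if not 0.0 < x0 < 1.0 or x0 in DEGENERATE:
        raise ValueError("initial value gives a constant sequence")
    x = x0
    out = bytearray()
    for _ in range(n_bytes):
        byte = 0
        for _ in range(8):
            x = 4.0 * x * (1.0 - x)
            byte = (byte << 1) | int(x >= 0.5)
        out.append(byte)
    return bytes(out)


def xor_bits(a: str, b: str) -> str:
    """XOR two equal-length bit strings, as drawn in Fig. 3 and Fig. 6."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return "".join("1" if p != q else "0" for p, q in zip(a, b))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))


def xor_with_key(x0: float, data: bytes) -> bytes:
    """Model of XOR 24 / XOR 24b: the same call encrypts and decrypts."""
    key = logistic_keystream(x0, len(data))  # the PC sends only the data size
    return xor_bytes(data, key)


def differing_bits(a: bytes, b: bytes) -> int:
    return sum(bin(p ^ q).count("1") for p, q in zip(a, b))


def demo() -> dict:
    x0 = 0.3141592653                      # constructed x(0) held by both keys
    p1 = b"PAYROLL 2024-03: 41250.00 EUR"  # constructed plaintexts, same size
    p2 = b"PAYROLL 2024-04: 39800.00 EUR"
    c1 = xor_with_key(x0, p1)
    c2 = xor_with_key(x0, p2)
    near = x0 + 1e-12                      # a key with a slightly different x(0)
    return {
        "fig3": xor_bits("011001", "100100"),
        "fig6": xor_bits("111101", "100100"),
        "roundtrip": xor_with_key(x0, c1) == p1,
        # Initial value sensitivity: out of 512 key bits, how many differ.
        "sensitivity_bits": differing_bits(
            logistic_keystream(x0, 64), logistic_keystream(near, 64)),
        "wrong_key_fails": xor_with_key(near, c1) != p1,
        # Same x(0) and same size give the same key, so the key cancels out
        # and the two ciphertexts reveal the XOR of the two plaintexts.
        "reuse_leaks_xor": xor_bytes(c1, c2) == xor_bytes(p1, p2),
        # A shorter file is keyed with the start of the same sequence.
        "shorter_is_prefix":
            logistic_keystream(x0, 4) == logistic_keystream(x0, 64)[:4],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The last two results are the point to raise in a design review: as these two embodiments are described, the generator has no per-message input other than the data size, so every file encrypted with one key is combined with the same key sequence.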

[0088] Moreover, since the pseudo random number generator 14b is not provided in the personal computer 2b, a processing load of the personal computer 2b can be reduced.

[0089] Furthermore, since the decryption processing cannot be carried out unless the password on the USB key 1b side and the password on the personal computer 2b side coincide with each other, the confidentiality thereof can be further improved.

[0090] Moreover, since the plural types of pseudo random numbers of the chaotic time series can be generated by changing the initial value x(0), plural types of the USB keys 1 can be fabricated, thus making it possible to use the keys in plural groups.

[0091] Next, description will be made in detail for a communication processing between the USB key and the personal computer, which are provided on each of the transmission side and the reception side, with reference to the sequence diagram of Fig. 8.

[0092] First, the personal computer 2 makes a request for setup acknowledgment to the USB key 1 (d21). Then, the USB key 1 determines a state of its own (Step S21). As a determination result thereof, the USB key 1 returns ACK (setup OK), NAK (under another processing or setup NG) or STALL (some errors) to the personal computer 2 (d22).

[0093] Next, the personal computer 2 receives the determination result of the USB key 1, and determines which of ACK, NAK and STALL the received result is (Step S22). When the received result is NAK, the processing returns to d21, and when the result is STALL, an error message is displayed (Step S23). When the result is ACK, the personal computer 2 transmits cipher key information (data size) to the USB key 1, and makes a request for creation of a pseudo random number (PN code) thereto (d23).

[0094] Meanwhile, in the USB key 1, the pseudo random number generator 14 creates a PN code sequence of the chaotic time series based on the data size of the cipher key information, the chaotic function and the initial value of the chaotic function (Step S24). Then, the USB key 1 returns DATA0/1 (PN code sequence data composed of "0" and "1"), NAK (under creation of the PN code sequence) or STALL (some errors) to the personal computer 2 depending on a state of creating the PN code sequence (d24).

[0095] Next, the personal computer 2 receives the determination result of the USB key 1, and determines which of DATA0/1, NAK and STALL the received result is (Step S25). When the received result is NAK, the processing returns to d23, and when the result is STALL, an error message is displayed (Step S26). When the result is DATA0/1, the personal computer 2 makes a request to the USB key 1 for notification of completing the reception of the PN code sequence (d25).

[0096] In the USB key 1, the termination of creating the PN code sequence is acknowledged (Step S27). Depending on the creation state, the USB key 1 returns ACK (termination acknowledged), NAK (under some processings) or STALL (some errors) to the personal computer 2 (d26).

[0097] Next, the personal computer 2 receives the determination result of the USB key 1, and determines which of ACK, NAK and STALL the received result is (Step S28). When the received result is NAK, the processing returns to d25, and when the result is STALL, an error message is displayed (Step S29). When the result is ACK, the personal computer 2 is on standby, that is, in an idle state until the next command (Step S30).
[0098] As described above, the USB key 1 is attached 
to the personal computer 2, and thus communication 
through USB ports can be carried out during the encryp- 
tion and the decryption. 
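The Fig. 8 exchange of [0092] to [0097] written as a host-side state machine, added here as an illustration (not code from the patent). ScriptedKey, the use of the step labels d21, d23 and d25 as request names, the bound on NAK retries and the check of the PN code length are assumptions; the page itself returns to the same request on every NAK without a stated limit.

```python
# Added example: personal computer 2 driving the three request/reply pairs
# of Fig. 8 against a stand-in for USB key 1 that replays constructed replies.
from enum import Enum


class Reply(Enum):
    ACK = "ACK"
    NAK = "NAK"
    STALL = "STALL"
    DATA = "DATA0/1"


class KeyStalled(Exception):
    """STALL: the page displays an error message (Steps S23, S26, S29)."""


class KeyBusy(Exception):
    """NAK repeated past the retry bound (the bound is an assumption)."""


class ProtocolError(Exception):
    """Reply not allowed at this step, or PN code of the wrong size."""


MAX_NAK_RETRIES = 5  # assumption: the page loops on NAK with no stated limit


class ScriptedKey:
    """Stand-in for USB key 1: replays constructed (reply, data) tuples."""

    def __init__(self, script):
        self.script = {step: list(replies) for step, replies in script.items()}
        self.log = []

    def request(self, step, payload=None):
        self.log.append(step)
        return self.script[step].pop(0)


def poll(key, step, want, payload=None):
    """Send one request, repeating it while the key answers NAK."""
    for _ in range(1 + MAX_NAK_RETRIES):
        reply, data = key.request(step, payload)
        if reply is want:
            return data
        if reply is Reply.STALL:
            raise KeyStalled(step)
        if reply is not Reply.NAK:
            raise ProtocolError(f"{reply.value} not valid in reply to {step}")
    raise KeyBusy(step)


def fetch_pn_code(key, data_size):
    """Run d21/d22, d23/d24 and d25/d26 and return the PN code sequence."""
    poll(key, "d21", Reply.ACK)                   # setup acknowledgment
    pn = poll(key, "d23", Reply.DATA, data_size)  # data size out, PN code back
    if len(pn) != data_size:                      # added check, not on the page
        raise ProtocolError("PN code size does not match the data size sent")
    poll(key, "d25", Reply.ACK)                   # completion notification
    return pn                                     # host is now idle (Step S30)


def normal_run():
    """Constructed session: the key is busy once at setup, twice at creation."""
    key = ScriptedKey({
        "d21": [(Reply.NAK, None), (Reply.ACK, None)],
        "d23": [(Reply.NAK, None), (Reply.NAK, None),
                (Reply.DATA, b"\x9a\x41\x07\xe2")],
        "d25": [(Reply.ACK, None)],
    })
    return fetch_pn_code(key, 4), key.log


def outcome(script, data_size=4):
    """Return 'ok' or the name of the error raised for a constructed script."""
    try:
        fetch_pn_code(ScriptedKey(script), data_size)
        return "ok"
    except (KeyStalled, KeyBusy, ProtocolError) as exc:
        return type(exc).__name__


if __name__ == "__main__":
    print(normal_run())
    print(outcome({"d21": [(Reply.STALL, None)]}))
```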



(Pseudo random number generator) 

[0099] Next, description will be made for a concrete circuit configuration of the above-mentioned pseudo random number generator 14. Fig. 9 is a block diagram schematically showing a constitution of the pseudo random number generator. As shown in Fig. 9, the pseudo random number generator 14 is constituted by including: a chaos generation loop 63 constituted by including a pair of one-dimensional map circuits 43 and 51 of one-input one-output mode for generating the chaotic function, each having non-linear input/output characteristics, a pair of CMOS switches 45 and 53 for alternately performing opening and closing actions for paths on output sides of the respective one-dimensional map circuits 45 and 53 in synchronization with an external clock, and a pair of feedback loops 47 and 55 for feedbacking analog outputs of the respective one-dimensional map circuits 43 and 51 through the respective CMOS switches 45 and 53 to input sides of the one-dimensional map circuits 43 and 51 in a crossing manner; a pair of AD converters 49 and 57 for converting, into digital signals, the analog outputs of the respective one-dimensional map circuits 43 and 51, which are taken out through the respective CMOS switches 45 and 53; a DA converter 65 for converting an initial value x(0) given in a digital signal mode into an analog signal; and a CMOS switch 67 for performing opening and closing actions for a path on an output side of the DA converter 65 in synchronization with the external clock.

[0100] With the elapse of a discrete time t (0, 1, 2, ...) defined by the external clock in the chaos generation loop 63, the respective one-dimensional map circuits 43 and 51 iterate the mapping alternately. Thus, the pseudo random number generator 14 outputs binary sequences as chaotic time series through the respective AD converters 49 and 57.

[0101] Fig. 10 is a diagram showing a circuit obtained by integrating the pseudo random number generator 14 shown in Fig. 9. Note that Fig. 9 and Fig. 10 are drawn so as to correspond to each other, and that common reference numerals are added to members common to both of the drawings. An internal constitution for each block of the pseudo random number generator 14 shown in Fig. 9 will be mentioned with reference to Fig. 10.

[0102] Each of the one-dimensional map circuits 43 and 51 having input/output characteristics of an approximately "N" shaped form is constituted by including six MOS transistors. In Fig. 10, a channel dimension ratio W/L (where W is a width and L is a length) of each transistor is represented as a weight by a number. A CMOS inverter at the first stage gives an increasing function, and a CMOS inverter at the second stage gives a decreasing function. Function composition is carried out by standardizing inputs and outputs of both of the CMOS inverters, and consequently, the input/output characteristics of the approximately "N" shaped form are obtained.

[0103] Upon receiving external adjustment voltages 71 and 73, a CMOS inverter at the third stage distorts the input/output characteristics owned by the one-dimensional map circuits 43 and 51. Voltage values of the external adjustment voltages 71 and 73 may be equal to each other, or may be different from each other. Furthermore, at least any one of the external adjustment voltages 71 and 73 may be omitted.
[0104] The external adjustment voltages given to in- 
put terminals 71 and 73 may be given by converting dig- 
ital codes preset by the computer into analog voltages 
by the DA converter. In this case, the values of the ex- 
ternal adjustment voltages are changed in the form of 
step in accordance with a quantization resolution of the 
DA converter. 

[0105] Each of CMOS switches 45, 53 and 67 is con- 
stituted by combining the CMOS inverter with a trans- 
mission gate in which a PMOS transistor and an NMOS 
transistor are connected in parallel. The CMOS switch 
is opened and closed in accordance with a control signal 
given to each of input terminals 75, 77 and 79. 
[0106] A reset pulse giving an initial value is applied to the input terminal 75, and the value of the initial value x(0) is given through the DA converter 65. Specifically, the initial value x(0) of the inner state of the loop at the discrete time t = 0 is given to the one-dimensional map circuit 51 through the DA converter 65 and the CMOS switch 67. For example, in a system adopting the DA converter 65 having the quantization resolution of 12 bits, types of the initial values x(0) that can be given reach 2^12 = 4096.

[0107] External clocks (discrete times t) given to the input terminals 77 and 79 are set as rectangular waves that are not superposed on each other. The maximum clock frequency in this case controls the processing speed of this pseudo random number generator. The processing speed is decided depending on an internal state decision speed of the one-dimensional map circuit. When individual parts are breadboarded on a printed board, the clock frequency can be increased up to 20 kHz. This one-dimensional map circuit aims to be made into a chip as an integrated circuit using a standard CMOS integrated circuit technology. In the manufacturing of a prototype thereof on the assumption that the minimum dimension is equal to 0.8 µm, it has been confirmed by a simulation that this one-dimensional map circuit acts on a clock frequency of 1 MHz.
[0108] The AD converters 49 and 57 outputting 1-bit 
data receive the respective outputs of the one-dimen- 
sional map circuits 43 and 51 through the CMOS switch- 
es 45 and 53, which open and close alternately in syn- 
chronization with the external clocks. Then, the AD con- 
verters 49 and 57 output binary code sequences each 
in accordance with input levels. 

[0109] Specifically, by a comparator, each of the AD
converters 49 and 57 compares an output voltage of each of the
one-dimensional map circuits 43 and 51 with a reference
voltage obtained by dividing an applied voltage by a pair of
resistors rA and rB. Then, each of the AD converters 49 and 57
creates a signal of "0" or "1" by converting the voltage
selected in accordance with a magnitude relationship of the
two voltages. As the external clocks (discrete time t)
proceed, binary code time series data are taken out
alternately from output terminals 59 and 61. The binary code
time series data that are taken out are array data, each
having a random number with "0" and "1" mixed randomly. When a
symmetry of the input/output characteristics owned by each of
the one-dimensional map circuits 43 and 51 is maintained well,
occurrence frequencies of "0" and "1" become approximately
equal to each other. In this case, isolated "0" or "1" occurs
at a frequency twice that of a value having continuous numbers
such as "00" and "11". A binary code time series is obtained,
in which both of the binary code time series taken out
alternately from the respective output terminals 59 and 61 as
described above are arrayed in accordance with an integral
time series. Thus, the pseudo random number of the chaotic
time series can be generated.

[0110] When viewing a world from a viewpoint of the chaos, two
same things are never present in the world. Moreover, when
paying attention to the respective input/output
characteristics owned by a one-dimensional map circuit, it is
quite difficult to maintain a symmetry thereof completely.
Furthermore, it is also quite difficult to allow the
respective input/output characteristics owned by the pair of
one-dimensional map circuits 43 and 51 to coincide with each
other completely. In addition, no assurance exists that the AD
converters 49 and 57 carry out the same quantization. In order
to wipe away various doubts as described above, it can be said
to be extremely effective for the pseudo random number
generator to be implemented as hardware because such hardware
implementation makes it possible to produce the same
integrated circuits through industrial mass production
processes.

[0111] In the industrial technology of the chaos, the
maintaining of the initial value sensitivity is an extremely
important factor. In the present invention, the initial value
sensitivity is given through the DA converter 65.
Specifically, with regard to the pair of outputs 59, 61 of the
binary code time series with initial values different from
each other as starting points, the two are not superposed on
each other even if they are to be superposed while shifting
phases thereof in any manner. Thus, the time series are
obtained, in which both auto-correlations and a
cross-correlation are sufficiently small.

[0112] Now, a binary code time series, in which values taken
out alternately from the output terminals 59 and 61 are
arrayed in time series, will be defined as Y(t). As one
example of cutting out periodic sequences to be used as PN
signals, the binary sequence PN signal of 64-bit period is cut
into Y(0) to Y(63), Y(64) to Y(127), and so on. If the inner
state of the chaos is observed up to t = 2^16 = 65536, then
1024 types of binary sequence PN signals of 64-bit period are
obtained. When the quantization resolution of the DA converter
65 giving the initial values is set at 12 bits, the initial
values can be given in 2^12 = 4096 ways. The types of the PN
signals obtained in this case reach 4,194,304.

[0113] However, there is no assurance that all the types of
the PN signals thus taken out can be used independently. This
is because the unpredictability exerted by the sequence of the
chaotic codes as the PN signals greatly depends on parameters
such as the individual input/output characteristics owned by
the one-dimensional map circuit and the given initial values.
Hence, with regard to the PN signals thus taken out, it is
necessary to investigate the auto-correlations and
cross-correlation thereof while changing the phases and to
verify in advance that the degrees of correlation are
sufficiently small in the sequence other than the period.
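
The screening that [0113] calls for, together with the run statistics of [0109] and the window count of [0112], as an added example that is not part of the patent. It assumes a tent map with slopes 1.999 and 1.997 as a software stand-in for the two analog map circuits, a comparator threshold of 0.5, and an acceptance limit of 0.25; none of these values come from the text.

```python
"""Screen 64-bit PN windows cut from a simulated chaotic bit stream."""

PERIOD = 64                 # PN period used in [0112]
DAC_BITS = 12               # resolution of DA converter 65 in [0106]
MASK = (1 << PERIOD) - 1


def tent(x, slope):
    # Assumption: a tent map stands in for one analog map circuit.
    return slope * min(x, 1.0 - x)


def chaotic_bits(dac_code, n_bits, slopes=(1.999, 1.997)):
    """Y(t): two unmatched maps iterate alternately on one fed-back state;
    a comparator at 0.5 plays the 1-bit AD converters 49 and 57."""
    x = (dac_code + 0.5) / (1 << DAC_BITS)    # x(0) set by the DAC code
    bits = []
    for t in range(n_bits):
        x = tent(x, slopes[t & 1])
        bits.append(1 if x > 0.5 else 0)
    return bits


def run_lengths(bits):
    """Histogram {run length: count} of maximal runs of equal bits."""
    hist, length = {}, 1
    for prev, cur in zip(bits, bits[1:]):
        if cur == prev:
            length += 1
        else:
            hist[length] = hist.get(length, 0) + 1
            length = 1
    hist[length] = hist.get(length, 0) + 1
    return hist


def pn_windows(bits):
    """Cut Y(0..63), Y(64..127), ... and pack each window into an int."""
    windows = []
    for start in range(0, len(bits) - PERIOD + 1, PERIOD):
        word = 0
        for bit in bits[start:start + PERIOD]:
            word = (word << 1) | bit
        windows.append(word)
    return windows


def rotate(word, k):
    return ((word << k) | (word >> (PERIOD - k))) & MASK


def correlation(a, b, k):
    """Normalised periodic correlation of two +/-1 codes at phase shift k."""
    disagreements = bin(a ^ rotate(b, k)).count("1")
    return (PERIOD - 2 * disagreements) / PERIOD


def max_autocorr(word):
    # Phase 0 is the trivial peak of 1.0, so only shifts 1..63 are checked.
    return max(abs(correlation(word, word, k)) for k in range(1, PERIOD))


def max_crosscorr(a, b):
    return max(abs(correlation(a, b, k)) for k in range(PERIOD))


def screen(windows, limit):
    """Keep a window only if its off-peak autocorrelation and its
    cross-correlation with every window already kept stay within limit."""
    kept = []
    for word in windows:
        if max_autocorr(word) > limit:
            continue
        if all(max_crosscorr(word, other) <= limit for other in kept):
            kept.append(word)
    return kept


if __name__ == "__main__":
    bits = chaotic_bits(dac_code=1234, n_bits=1 << 16)
    windows = pn_windows(bits)
    hist = run_lengths(bits)
    kept = screen(windows, limit=0.25)
    print("windows per initial value:", len(windows))
    print("PN types over all DAC codes:", len(windows) << DAC_BITS)
    print("fraction of ones:", sum(bits) / len(bits))
    print("runs of length 1 vs 2:", hist[1], hist[2])
    print("windows passing the screen:", len(kept))
```

Only part of the windows cut from one stream pass the screen, so the count of 4,194,304 is an upper bound on usable PN signals rather than a guaranteed supply.
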
[0114] In the above-described pseudo random number generator
14, the symmetry of each input/output characteristics owned by
each of the one-dimensional map circuits 43 and 51 directly
affects output distributions of "0" and "1" in the binary code
time series taken out from each of the output terminals 59 and
61. In general, in the case of an ideal pseudo random number,
the output distributions of "0" and "1" become even in ratio.
When it is desired that the pseudo random number generator 14
act in such a manner, it suffices to design the
one-dimensional map circuits 43 and 51 so that they have
input/output characteristics equal to each other and so that
the symmetries thereof are maintained well.

[0115] However, the pseudo random number generator as the
industrial technology does not necessarily require that the
output distributions of "0" and "1" become even in ratio. The
reason is as follows. As long as the necessary condition that
the auto-correlations and the cross-correlation when shifting
the phases are sufficiently small is satisfied, no
disadvantage occurs from a viewpoint of the confidentiality of
the cipher even if the ratio of the output distributions of
"0" and "1" is biased in a cryptogram code of a stream cipher.
In particular, the following way of thinking can be adopted.
When the one-dimensional map circuits 43 and 51 are
deliberately designed so that the symmetry is spoiled, a third
party who attempts to decipher a cryptogram code on the
assumption that the symmetry thereof is maintained well
certainly fails, and therefore robustness of the cryptographic
system is rather strengthened.
[0116] Moreover, there is no necessity of making the
input/output characteristics owned by the one-dimensional map
circuits 43 and 51 equivalent to each other. Each of the
one-dimensional map circuits 43 and 51 can be realized by
giving weights to the respective transistors as constituents
of its own so that the weights are intentionally made
different from one another. Furthermore, even if a design is
made so that the input/output characteristics owned by the
circuits 43 and 51 are made equivalent to each other, the
equivalence of the input/output characteristics of their own
can be broken by giving external adjustment voltages different
from each other for each of the circuits 43 and 51
independently. Furthermore, a design may be made such that
distorted input/output characteristics are combined with each
other, aiming to expand a dynamic range of the map.

[0117] In the pseudo random number generator 14 described
above, on the assumption that the DA converter and the clock
generator are not included in an object to be made into one
chip, as shown in Fig. 10, a pseudo random number generator
can be realized, in which a sufficiently small-scale
integrated circuit is made into one chip. While the chaos
generation loop 63 including the pair of one-dimensional map
circuits 43 and 51 as principal portions of the pseudo random
number generator 14 is constituted of an analog circuit, the
DA converter and the clock generator can be constituted of
digital circuits. Therefore, it will also be easy to make an
integrated circuit including all of the above into one chip.

[0118] In general, the CMOS integrated circuit is designed
and realized in the enhancement mode. However, preferably, the
CMOS source follower at the first stage, which is a
constituent of each of the one-dimensional map circuits 43 and
51 included in the pseudo random number generator 14, is
designed and realized in the depletion mode. With such a
constitution, the MOS transistor can be designed so that a
weight thereof is reduced, and thus a well-balanced mask
design of the one-dimensional map circuit can be realized.

[0119] The symmetries of the input/output characteristics of
the one-dimensional map circuits 43 and 51 and the parameters
including matching or unmatching between the input/output
characteristics owned by the pair of one-dimensional map
circuits 43 and 51 are combined with the initial value
sensitivity particular to the chaos, thus breaking the
occurrence balance of "0" and "1" of the obtained binary
sequences finely. A swing phenomenon particular to the chaos,
which is originated from variation of the parameters as
described above, can contribute to the improvement of the
robustness of the chaotic stream cipher.

(Third Embodiment) 

[0120] Next, description will be made in detail for a
cryptographic key management device of a third embodiment
according to the present invention. Fig. 11 is a block diagram
showing a constitution of the cryptographic key management
device of the third embodiment according to the present
invention. The cryptographic key management device shown in
Fig. 11 manages a USB key 1c constituted to be freely
attachable and detachable to/from a personal computer 2c, and
is characterized in that the personal computer 2c can rewrite
a program of a memory 13c in the USB key 1c.
[0121] In Fig. 11, the USB key 1c is constituted by having an
input/output unit 11, a USB controller 12c, a memory 13c, and
a pseudo random number generator 14. The memory 13c is an
EEPROM, in which information is not deleted even if a power
source is turned off, and data writing and deletion are
possible, that is, a flash memory. As shown in Fig. 12, the
memory 13c has an application program area AE1 for storing an
application program from an address (0000), an initial value,
an application password PW1 for permission and refusal of use
of the application program, an update password PW2 for
indicating permission and refusal of update of the application
program of the application program area AE1 (hereinafter,
referred to as an update), and a program update area AE2 for
storing the update program in a unit of a predetermined length
(for example, 128 bytes) in an area from an address (F800) to
an address (FFFF).

[0122] The personal computer 2c is constituted by having an
input/output unit 21, a controller 22c, a memory 23c, an XOR
24 and a transmission unit 25. An input unit 3 and a display
unit 4 are connected to the personal computer 2c. Note that,
while the personal computer 2c creating cryptographic data is
exemplified as a personal computer, a personal computer
decrypting the cryptographic data, for example, the personal
computer 2b shown in Fig. 5 may be used instead.
[0123] The memory 23c has a management program 81 for
managing the memory 13c of the USB key 1c and an update
program 82. When updating the application program of the
application program area in the memory 13c of the USB key 1c,
the controller 22c sends out a delete command to the USB key
1c to delete the update password therefrom. Then, after
deleting the update password, the controller 22c transmits the
update program in the unit of the predetermined length to the
USB key 1c.

[0124] The USB controller 12c in the USB key 1c turns into an
update mode by the deletion of the update password. The USB
controller 12c stores the update program from the personal
computer 2c in the unit of the predetermined length in the
program update area, and transfers the update program, which
is stored in the program update area, in the unit of the
predetermined length to the application program area.
[0125] Next, description will be made for a processing of
rewriting the program of the memory in the USB key from the
personal computer of the cryptographic key management device
of the third embodiment with reference to Fig. 13.

[0126] First, the USB key 1c is attached to the personal
computer 2c (Step S31). When updating the application program
in the application program area in the memory of the USB key
1c, the personal computer 2c activates the management program
81 (Step S32). Then, the personal computer 2c transmits the
delete command for deleting the update password to the USB key
1c (d31). Furthermore, the personal computer 2c activates the
update program (Step S33).
[0127] Meanwhile, in the USB key 1c, the USB controller 12c
deletes an update password in the memory 13c by the received
delete command (Step S34), and turns into the update mode
(Step S35). Then, the USB key 1c transmits update mode
information to the personal computer 2c (d32).

[0128] The personal computer 2c recognizes that the USB key
1c is in the update mode from the received update mode
information (Step S36). After transmitting a rewrite command
to the USB key 1c (d33), the personal computer 2c transmits
data of the update program in a unit of predetermined bytes to
the USB key 1c (d34).
[0129] Meanwhile, in the USB key 1c, the USB controller 12c
writes the update program from the personal computer 2c in the
unit of predetermined bytes into the program update area in
accordance with the received rewrite command. In this case,
since an update password is included in the update program,
the update password is also written into the memory 13c (Step
S37).

[0130] Furthermore, the USB controller 12c transfers the
update program stored in the program update area in the unit
of predetermined bytes to the application program area (Step
S38).

[0131] Hence, the application program in the memory of the
USB key 1c can be easily rewritten from the personal computer
2c. Moreover, the rewrite of the application program is
determined depending on whether or not the update password
exists. Therefore, only a specific person can rewrite the
application program.
[0132] In the above, description has been made only for the
processing of rewriting the application program. Description
will be made for activation of the application program and the
update program in the memory in the USB key with reference to
Fig. 14.
[0133] First, when the power source is turned on (Step S41),
the USB controller 12c of the USB key 1c determines whether or
not there is the update password in the memory 13c (Step S42).
When there is the update password, the USB controller 12c
activates the application program in the application program
area, and executes a processing from the address (0000) as the
storage area (Step S43). Specifically, a usual processing can
be carried out by activating the application program.
[0134] Meanwhile, when there is no update password, the
process jumps to an address (F800) in the storage area (Step
S44), the update program in the program update area is
activated, and a processing is executed from the address
(F800) (Step S45). Specifically, the update processing can be
carried out by activating the update program.
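
The update and activation flows of Figs. 13 and 14, modelled as a small state machine in an added example that is not part of the patent. It assumes the update password travels with the final unit of the update program (the text only says the password is included in the update program), and the class and function names are hypothetical.

```python
"""Model of the update-password boot decision in USB key 1c."""

APP_BASE = 0x0000       # application program area AE1 starts here
UPDATE_BASE = 0xF800    # program update area AE2 spans F800..FFFF
UNIT = 128              # "predetermined length" example from [0121]


class UsbKey:
    def __init__(self, app_image, update_password):
        self.app = bytearray(b"\xff" * UPDATE_BASE)    # AE1, erased state
        self.app[:len(app_image)] = app_image
        self.update_password = update_password        # None = deleted
        self.staging = bytearray(UNIT)                 # one unit inside AE2
        self.offset = 0

    def power_on(self):
        """S41-S45: the entry address depends only on whether an update
        password is present in memory 13c."""
        return APP_BASE if self.update_password is not None else UPDATE_BASE

    def delete_command(self):
        """S34-S35: deleting the password switches the key to update mode."""
        self.update_password = None
        self.offset = 0
        return "update-mode"                           # d32

    def rewrite(self, unit, password=None):
        """S37-S38: stage one unit in AE2, then transfer it into AE1."""
        if self.update_password is not None:
            raise PermissionError("key is not in update mode")
        if not 0 < len(unit) <= UNIT:
            raise ValueError("unit must be 1..%d bytes" % UNIT)
        if self.offset + len(unit) > UPDATE_BASE:
            raise ValueError("image does not fit in the application area")
        self.staging[:len(unit)] = unit
        end = self.offset + len(unit)
        self.app[self.offset:end] = self.staging[:len(unit)]
        self.offset = end
        if password is not None:
            # Assumption: the password travels with the final unit, so it is
            # stored only after the whole image has been transferred.
            self.update_password = password


def host_update(key, image, new_password, unplug_after=None):
    """PC side (S32-S36, d31-d34). unplug_after simulates removing the key
    once that many units have been sent. Returns True when complete."""
    if not image:
        raise ValueError("empty update program")
    if key.delete_command() != "update-mode":
        raise RuntimeError("key did not enter update mode")
    units = [image[i:i + UNIT] for i in range(0, len(image), UNIT)]
    for index, unit in enumerate(units):
        if unplug_after is not None and index == unplug_after:
            return False
        is_last = index == len(units) - 1
        key.rewrite(unit, new_password if is_last else None)
    return True
```

Under that assumption an interrupted transfer leaves no update password in memory, so the next power-on enters the update program at F800 instead of running a partly written application.
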


(Fourth Embodiment) 

[0135] Next, description will be made in detail for a
cryptographic key management device of a fourth embodiment
according to the present invention. Fig. 15 is a block diagram
showing a constitution of a cryptographic key management
device of the fourth embodiment according to the present
invention. The cryptographic key management device shown in
Fig. 15 manages a USB key 1d constituted to be freely
attachable and detachable to/from a personal computer 2d, and
is characterized in that the personal computer 2d can register
an initial value of a chaotic function in a memory 13d in the
USB key 1d.

[0136] In Fig. 15, the USB key 1d is constituted by having an
input/output unit 11, a USB controller 12d, a memory 13d, and
a pseudo random number generator 14.

[0137] The personal computer 2d is constituted by having an
input/output unit 21, a controller 22d, and a memory 23d. An
input unit 3 and a display unit 4 are connected to the
personal computer 2d. The input unit 3 inputs a product number
of the USB key and the initial value for each USB key 1d. The
controller 22d allows an initial value table 83 to store the
product number of the USB key and the initial value for each
USB key 1d, which are inputted by the input unit 3.
[0138] As shown in Fig. 16, the memory 23d has the initial
value table 83 storing the product number of the USB key and
the initial value (key ID) of the chaotic function, which are
made to correspond to each other, for each USB key 1d. Upon
being equipped with the USB key 1d, the controller 22d reads
out the initial value corresponding to the product number of
the USB key 1d from the initial value table 83, and transmits
the initial value to the USB key 1d. The USB controller 12d of
the USB key 1d allows the memory 13d to store the initial
value sent from the personal computer 2d.
[0139] Next, description will be made for a processing of
preparing the initial value table by the personal computer of
the cryptographic key management device of the fourth
embodiment with reference to Fig. 17.
[0140] First, a determination is made as to whether or not
the product number of the USB key 1d has been inputted (Step
S51). In the case where the product number of the USB key 1d
has been inputted, the product number of the USB key 1d is
stored in the initial value table 83 (Step S52).

[0141] Next, a determination is made as to whether 
or not the initial value has been inputted (Step S53). In 
the case where the initial value has been inputted, the 
initial value is stored in the initial value table 83 (Step 
S54). 

[0142] Next, a determination is made as to whether or not the
storing processing is terminated for all the USB keys 1d (Step
S55). In the case where the storing processing is not
terminated for all the USB keys 1d, the processing returns to
Step S51, from which the processing is executed repeatedly.
With such a processing, the initial value table 83 as shown in
Fig. 16 can be prepared, and by the prepared initial value
table 83, the initial value can be managed for each USB key
1d.
[0143] Next, description will be made for a processing of
registering the initial value from the personal computer 2d of
the cryptographic key management device of the fourth
embodiment to the memory 13d of the USB key 1d with reference
to Fig. 18.

[0144] First, the personal computer 2d determines whether or
not the USB key 1d has been attached thereto (Step S61). When
the USB key 1d has been attached thereto, the product number
of the USB key 1d is inputted thereto (Step S62).

[0145] Then, the controller 22d reads out the initial value
corresponding to the inputted product number of the USB key 1d
from the initial value table 83 (Step S63), and transmits the
read-out initial value to the USB key 1d (Step S64).

[0146] Next, the USB key 1d stores the initial value from the
personal computer 2d in the memory 13c (Step S65).

[0147] Next, a determination is made as to whether or not the
processing of registering the initial value is terminated for
all the USB keys 1d (Step S66). In the case where such initial
value registration processing is not terminated for all the
USB keys 1d, the processing returns to Step S61, from which
the processing is executed repeatedly.

[0148] Hence, from the personal computer 2d, the initial
value corresponding to the USB key 1d can be registered in the
memory 13d in the USB key 1d for each USB key 1d.

[0149] Although the initial value has been written into an IC
of another chip heretofore, the initial value can be written
into the flash memory of the CPU in this embodiment.


(Fifth Embodiment) 

[0150] Next, description will be made in detail for a
decryption device of a fifth embodiment according to the
present invention. Fig. 19 is a block diagram showing a
constitution of the decryption device of the fifth embodiment
according to the present invention. The decryption device
shown in Fig. 19 decrypts cryptographic data by use of a USB
key 1e constituted to be freely attachable and detachable
to/from a personal computer 2e, and is characterized in that
it has a group password as an initial value to make it
possible to share a cryptographic file having cryptographic
data in a group.
[0151] The personal computer 2e is constituted by having an
input/output unit 21, a controller 22e, a memory 23, an XOR 24
and a cryptographic file 26. An input unit 3 and a display
unit 4 are connected to the personal computer 2e. As shown in
Fig. 20, the cryptographic file 26 has the cryptographic data
in a cryptographic data area. Moreover, in a header area, the
cryptographic file 26 has an extension (yzg) as group mode
information for indicating that a plurality of users can use
the cryptographic data and has a group ID as a group password
inherent in the plurality of users who can use the
cryptographic data.

[0152] The controller 22e determines whether or not an ID
inputted from the input unit 3 has coincided with the group ID
stored in the cryptographic file 26. When the controller 22e
determines that the ID inputted from the input unit 3 has
coincided with the group ID, the controller 22e transmits the
group ID as an initial value of a chaotic function to the USB
key 1e, and also transmits a data size of the cryptographic
data thereto. The XOR 24 receives, as a cipher key, a pseudo
random number of a chaotic time series, which is generated in
a pseudo random number generator 14e, and also receives the
cryptographic data from the cryptographic file 26. Then, the
XOR 24 decrypts the cryptographic data by use of the pseudo
random number.

[0153] The USB key 1e is constituted by having an
input/output unit 11, a USB controller 12e, a memory 13 and
the pseudo random number generator 14e. The pseudo random
number generator 14e generates the pseudo random number of the
chaotic time series based on the data size of the
cryptographic data, the chaotic function and the group ID as
the initial value of the chaotic function from the personal
computer 2e.
[0154] Next, description will be made for a decryption
processing of the decryption device of the fifth embodiment
with reference to Fig. 21.

[0155] First, the controller 22e of the personal computer 2e
reads out an extension from the cryptographic file 26 (Step
S71), and determines whether or not the extension is yzg as
the group mode information (Step S72). When the extension is
yzg, the controller 22e reads out the group ID of the
cryptographic data 26 (Step S73).

[0156] Next, upon receiving the group ID (Step S74), the
controller 22e determines whether or not the inputted group ID
and the group ID stored in the cryptographic file 26 coincide
with each other (Step S75). When the group IDs coincide with
each other, the controller 22 transmits the group ID and the
data size of the cryptographic data to the USB key 1e.

[0157] Meanwhile, the USB key 1e generates the pseudo random
number of the chaotic time series based on the data size of
the cryptographic data, the chaotic function and the group ID
as the initial value of the chaotic function from the personal
computer 2e. Then, the USB key 1e transmits the generated
pseudo random number of the chaotic time series as the cipher
key to the personal computer 2e.

[0158] The personal computer 2e acquires the pseudo random
number from the USB key 1e (Step S77). The XOR 24 decrypts the
cryptographic data in the cryptographic file 26 by use of the
pseudo random number from the USB key 1e. Specifically, the
group ID is defined as the initial value of the chaotic
function, thus making it possible to share the cryptographic
file 26 in the group composed of the plurality of users.
[0159] Moreover, only when there is the extension yzg as the
group mode information and the inputted ID coincides with the
group ID stored in the cryptographic file 26, the
cryptographic file 26 can be shared in the group composed of
the plurality of users. Specifically, the confidentiality of
the data can be further improved.
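
The group-mode decryption of [0155] to [0159], as an added example that is not part of the patent. The byte layout of the cryptographic file is constructed for the example, SHAKE-128 is swapped in for the chaotic generator 14e only so that the code runs, and the data size is assumed to set nothing but the length of the cipher key.

```python
"""Group-mode decryption flow of the fifth embodiment (steps S71-S77)."""
import hashlib
import hmac

GROUP_EXT = b"yzg"      # group mode information named in [0151]


class StandInKey:
    """Plays USB key 1e. SHAKE-128 is swapped in for the chaotic generator
    14e purely so the example runs; it is not the patent's generator."""

    def cipher_key(self, initial_value, data_size):
        # Same interface as the text: initial value and data size in,
        # data_size bytes of pseudo random number out.
        return hashlib.shake_128(initial_value).digest(data_size)


def xor(data, stream):                                   # XOR 24
    return bytes(d ^ s for d, s in zip(data, stream))


def build_file(group_id, plaintext, key, ext=GROUP_EXT):
    """Constructed layout: ext(3) | id_len(1) | group ID | cryptographic data."""
    if not 0 < len(group_id) < 256:
        raise ValueError("group ID must be 1..255 bytes")
    body = xor(plaintext, key.cipher_key(group_id, len(plaintext)))
    return ext + bytes([len(group_id)]) + group_id + body


def parse_file(blob):
    """Split a file into (extension, group ID, cryptographic data)."""
    if len(blob) < 4:
        raise ValueError("truncated header")
    ext, id_len = blob[:3], blob[3]
    if id_len == 0 or len(blob) < 4 + id_len:
        raise ValueError("truncated group ID")
    return ext, blob[4:4 + id_len], blob[4 + id_len:]


def decrypt_group_file(blob, entered_id, key):
    ext, stored_id, data = parse_file(blob)              # S71, S73
    if ext != GROUP_EXT:                                 # S72
        raise PermissionError("file is not in group mode")
    if not hmac.compare_digest(entered_id, stored_id):   # S74, S75
        raise PermissionError("group ID does not match")
    stream = key.cipher_key(stored_id, len(data))        # key 1e, S77
    return xor(data, stream)


def ciphertext_difference(blob_a, blob_b):
    """XOR of two cryptographic data areas. When both files were made with
    the same group ID the cipher key cancels out and the result equals the
    XOR of the two plaintexts."""
    return xor(parse_file(blob_a)[2], parse_file(blob_b)[2])
```

Because the cipher key here depends only on the group ID and the data size, every file encrypted under one group ID starts with the same cipher key bytes, which a design review of such a scheme should account for.
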

[0160] According to the first aspect of the present
invention, since the pseudo random number generator
(cryptographic algorithm) is not made to reside in the
external device but built in the body of the cryptographic
key, it becomes difficult for the third party to decipher the
pseudo random number of the chaotic time series as the cipher
key. Thus, the data on the personal computer owned by a person
can be prevented from being browsed by the third party.

[0161] According to the second aspect of the present
invention, the pair of one-dimensional map circuits iterate
the mapping alternately, and the analog outputs obtained by
the mapping are fed back in a crossed manner. Therefore, the
divergence and convergence of the analog outputs woven by the
pair of one-dimensional map circuits are combined with the
initial value sensitivity particular to the chaos, thus
breaking the occurrence balance of "0" and "1" of the obtained
binary sequences finely. Such a swing phenomenon particular to
the chaos can contribute to the improvement of robustness of
the stream cipher using the chaos.
[0162] According to the third aspect of the present
invention, the initial value sensitivity is given through the
DA converter. Therefore, with regard to the pair of binary
sequences with the initial values different from each other as
starting points, the two are not superposed on each other even
if they are to be superposed while shifting phases thereof in
any manner. Thus, it is made possible to obtain the chaotic
time series in which both of the auto-correlations and the
cross-correlation are sufficiently small.

[0163] Furthermore, according to the fourth aspect of the
present invention, it is made possible to adjust the
input/output characteristics owned by the one-dimensional map
circuit from the outside. Consequently, the types of the
chaotic time series that can be taken out can be further
increased.

[0164] According to the fifth aspect of the present
invention, when the cryptographic key is attached to the
external device, the external device transmits the data size
of the plaintext data to the cryptographic key, and encrypts
the plaintext data by use of the pseudo random number of the
chaotic time series as the cipher key, the pseudo random
number being sent from the cryptographic key. Therefore, the
similar effect to that of the first aspect is obtained, and
the cryptographic data having high confidentiality can be
created.
[0165] According to the sixth aspect of the present
invention, the exclusive-OR operation for the pseudo random
number obtained by the pseudo random number generator and the
plaintext data is executed, thus making it possible to encrypt
the plaintext data.
[0166] According to the seventh aspect of the present
invention, the external device permits the encryption
processing when the password inputted from the input unit and
the first password stored in the cryptographic key coincide
with each other. Therefore, the confidentiality can be
enhanced.

[0167] According to the eighth aspect of the present
invention, the first external device transmits the data size
of the plaintext data to the first cryptographic key upon
being equipped with the first cryptographic key, and encrypts
the plaintext data by use of the pseudo random number of the
chaotic time series from the first cryptographic key to create
the cryptographic data. Moreover, the second external device
receives the cryptographic data from the first external
device, and transmits the data size of the cryptographic data
to the second cryptographic key upon being equipped with the
second cryptographic key, then decrypts the cryptographic data
by use of the pseudo random number of the chaotic time series
from the second cryptographic key. Therefore, the plaintext
data on the transmission side can be obtained on the reception
side.
[0168] According to the ninth aspect of the present
invention, the first external device executes the exclusive-OR
operation for the pseudo random number obtained by the pseudo
random number generator in the first cryptographic key and the
plaintext data to encrypt the plaintext data. Moreover, the
second external device executes the exclusive-OR operation for
the pseudo random number obtained by the pseudo random number
generator in the second cryptographic key and the
cryptographic data to decrypt the cryptographic data.
Therefore, the plaintext data on the transmission side can be
obtained on the reception side.
[0169] According to the tenth aspect of the present
invention, the encryption processing is permitted on the
transmission side when both of the passwords coincide with
each other, and the decryption processing is permitted on the
reception side when both of the passwords coincide with each
other. Therefore, the confidentiality can be enhanced on each
of the transmission and reception sides.

[0170] According to the eleventh aspect of the present
invention, the external device sends out the delete command to
the cryptographic key to delete the update password therefrom
when updating the program of the program area in the memory.
Then, the external device transmits the update program in the
unit of the predetermined length to the cryptographic key
after deleting the update password. Meanwhile, the
cryptographic key turns into the update mode by the deletion
of the update password, and stores the update program from the
external device in the unit of the predetermined length in the
program update area. Then, the cryptographic key transfers the
update program in the unit of the predetermined length to the
program area, the update program being stored in the program
update area. Therefore, the program in the memory of the
cryptographic key can be rewritten from the external device
easily, and the rewrite of the program is determined depending
on whether or not the update password exists. Therefore, only
the specific person can rewrite the program.
[0171] According to the twelfth aspect of the present
invention, the cryptographic key can store the update password
from the external device in the memory when storing the update
program from the external device in the program update area.

[0172] According to the thirteenth aspect of the
present invention, the cryptographic key can activate
the program of the program area when the update password
is stored in the memory when the power source is
turned on, thus making it possible to carry out the usual
processing.

[0173] According to the fourteenth aspect of the
present invention, the external device reads out the initial
value corresponding to the cryptographic key
number from the initial value table to transmit the initial
value to the cryptographic key upon being equipped with
the cryptographic key. Meanwhile, the cryptographic
key stores the initial value from the external device in
the memory, and generates the pseudo random number
of the chaotic time series based on the initial value
stored in the memory, the data size of the data and the
chaotic function. Hence, from the external device, the
initial value corresponding to the cryptographic key can
be registered in the memory in the cryptographic key for
each cryptographic key.

[0174] According to the fifteenth aspect of the present
invention, when the input unit inputs the cryptographic
key number and the initial value for each cryptographic
key, the storage control unit allows the initial value table
to store the cryptographic key number and the initial value
for each cryptographic key, which are inputted from
the input unit. Therefore, the initial value can be managed
for each cryptographic key by the created initial
value table.

[0175] According to the sixteenth aspect of the
present invention, the external device transmits the
group password and the data size of the cryptographic
data to the cryptographic key when the inputted password
coincides with the group password stored in the
cryptographic file. Meanwhile, the cryptographic key
generates the pseudo random number of the chaotic
time series based on the data size of the cryptographic
data from the external device, the chaotic function and
the group password as the initial value of the chaotic
function. Then, the cryptographic key transmits the generated
pseudo random number of the chaotic time series
as the cipher key to the external device. The external
device decrypts the cryptographic data in the cryptographic
file by use of the cipher key from the cryptographic
key. Specifically, the group password is defined
as the initial value, thus making it possible to share the
cryptographic file in the group composed of the plurality
of users.

[0176] According to the seventeenth aspect of the
present invention, the external device determines
whether or not the group mode information is in the cryptographic
file. When the group mode information is in
the cryptographic file, the external device requests input
of the password. Therefore, only when there is the group 
mode information and the inputted password coincides 
with the group password stored in the cryptographic file, 
the cryptographic file can be shared in the group com- 
posed of the plurality of users. 

[0177] The entire content of Japanese Patent Application
No. P2001-351903 with a filing date of November
16, 2001 is herein incorporated by reference.
[0178] Although the present invention has been de- 
scribed above by reference to certain embodiment, the 
invention is not limited to the embodiment described 
above and modifications will occur to those skilled in the
art, in light of the teachings. The scope of the invention 
is defined with reference to the following claims. 



Claims 

1. A cryptographic key constituted to be freely attachable
and detachable to/from an external device encrypting
and decrypting data by use of a cipher key,
the cryptographic key comprising:

a pseudo random number generator for gener- 
ating a pseudo random number of a chaotic 
time series based on a data size of the data, a 
chaotic function and an initial value of the cha- 
otic function; and 

a transmission/reception control unit for receiv- 
ing the data size of the data from the external 
device and transmitting the pseudo random 
number of the chaotic time series as the cipher 
key to the external device, the pseudo random 
number being generated in the pseudo random 
number generator, when the cryptographic key 
is attached to the external device. 

2. The cryptographic key according to claim 1,

wherein the pseudo random number genera- 
tor includes: 

a chaos generation loop constituted by includ- 
ing a pair of one-dimensional map circuits for 
generating the chaotic function, each having 
non-linear input/output characteristics, a pair of 
CMOS switches for alternately performing 
opening and closing actions for paths on output 
sides of the respective one-dimensional map 
circuits in synchronization with an external 
clock, and a pair of feedback loops for feed- 
backing analog outputs of the respective one- 
dimensional map circuits through the respec- 
tive CMOS switches to input sides of the re- 
spective one-dimensional map circuits in a 
crossing manner; and

a pair of AD converters for converting, into digital
signals, the analog outputs of the respective
one-dimensional map circuits, the analog outputs
being taken out through the respective
CMOS switches, and

the respective one-dimensional map circuits iterate
mapping alternately with the elapse of a
discrete time defined by the external clock in
the chaos generation loop to allow the pseudo
random number generator to output binary sequences
as chaotic time series through the respective
AD converters.

3. The cryptographic key according to claim 2, 

wherein the pseudo random number generator
further includes:

a DA converter for converting an initial value
given in a digital signal mode into an analog
signal; and

a CMOS switch for performing opening and 
closing actions for a path on an output side of 
the DA converter in synchronization with the ex- 
ternal clock. 


4. The cryptographic key according to claim 2, 

wherein at least any one of the pair of one-dimensional
map circuits is constituted to be capable
of adjusting the input/output characteristics of
its own in accordance with an external adjustment
voltage.

5. An encryption device for encrypting plaintext data
by use of a cipher key, the encryption device comprising:

a cryptographic key having a pseudo random
number generator for generating a pseudo random
number of a chaotic time series based on
a data size of the plaintext data, a chaotic function
and an initial value of the chaotic function;
and

an external device for transmitting the data size
of the plaintext data to the cryptographic key
upon being equipped with the cryptographic
key, and for encrypting the plaintext data by use
of the pseudo random number of the chaotic
time series as the cipher key, the pseudo random
number being sent from the cryptographic
key.

6. The encryption device according to claim 5, 

wherein the external device executes an exclusive-OR
operation for the pseudo random
number obtained by the pseudo random number
generator and the plaintext data to encrypt the
plaintext data.






7. The encryption device according to claim 5, 

wherein the cryptographic key stores a first 
password in advance, and 

the external device collates a password input- 
ted from an input unit and the first password stored 
in the cryptographic key, and permits an encryption 
processing when both of the passwords coincide 
with each other. 

8. An encryption/decryption device for encrypting and 
decrypting plaintext data by use of a cipher key, the 
encryption/decryption device comprising: 

a first cryptographic key having a pseudo random
number generator for generating a pseudo
random number of a chaotic time series based 
on a data size of the plaintext data, a chaotic 
function and an initial value of the chaotic func- 
tion; 

a second cryptographic key having a same con- 
stitution as the first cryptographic key; 
a first external device for transmitting the data 
size of the plaintext data to the first crypto- 
graphic key upon being equipped with the first 
cryptographic key, and for encrypting the plain- 
text data by use of the pseudo random number 
of the chaotic time series from the first crypto- 
graphic key as the cipher key to create crypto- 
graphic data; and 

a second external device for receiving the cryp- 
tographic data from the first external device, for 
transmitting a data size of the cryptographic da- 
ta to the second cryptographic key upon being 
equipped with the second cryptographic key, 
and for decrypting the cryptographic data by 
use of the pseudo random number of the cha- 
otic time series from the second cryptographic 
key as the cipher key. 

9. The encryption/decryption device according to 
claim 8, 

wherein the first external device executes an 
exclusive-OR operation for the pseudo random 
number obtained by the pseudo random number 
generator in the first cryptographic key and the 
plaintext data to encrypt the plaintext data, and 

the second external device executes an ex- 
clusive-OR operation for the pseudo random 
number obtained by the pseudo random number 
generator in the second cryptographic key and the 
cryptographic data to decrypt the cryptographic da- 
ta. 

10. The encryption/decryption device according to 
claim 8, 

wherein the first cryptographic key stores a 
first password in advance, 

the second cryptographic key stores a second
password in advance,

the first external device collates a password
inputted from a first input unit and the first password
stored in the first cryptographic key, and permits an
encryption processing when both of the passwords
coincide with each other, and

the second external device collates a password
inputted from a second input unit and the second
password stored in the second cryptographic
key, and permits a decryption processing when both
of the passwords coincide with each other.

11. A cryptographic key management device for managing
a cryptographic key constituted to be freely
attachable and detachable to/from an external device,

wherein the cryptographic key includes:

a pseudo random number generator for generating
a pseudo random number of a chaotic
time series based on a data size of data, a chaotic
function and an initial value of the chaotic
function;

a transmission/reception control unit for receiving
the data size of the data from the external
device upon being attached to the external device,
and for transmitting the pseudo random
number of the chaotic time series as the cipher
key to the external device, the pseudo random
number being generated in the pseudo random
number generator; and

a memory having a program area for storing a
program, an update password for indicating
permission and refusal of update of the program
of the program area, and a program update
area for storing the update program,
the external device includes:

a password deletion unit for sending out a
delete command to the cryptographic key
to delete the update password therefrom
when updating the program of the program
area in the memory; and
a transmission unit for transmitting the update
program in a unit of a predetermined
length to the cryptographic key after deleting
the update password, and
the cryptographic key turns into an update
mode by the deletion of the update password,
and stores the update program from
the external device in the unit of the predetermined
length in the program update area,
then transports the update program in
the unit of the predetermined length to the
program area, the update program being
stored in the program update area.

12. The cryptographic key management device according
to claim 11,

wherein the transmission unit of the external 
device transmits the update program and the up- 
date password to the cryptographic key, and 

the cryptographic key stores the update pass- 
word in the memory when storing the update pro- 
gram in the program update area. 

13. The cryptographic key management device accord- 
ing to claim 12, 

wherein the cryptographic key activates the 
program of the program area when the update pass- 
word is stored in the memory when a power source 
is turned on. 

14. A cryptographic key management device for man- 
aging a cryptographic key constituted to be freely 
attachable and detachable to/from an external de- 
vice, 

wherein the external device includes: 

an initial value table storing a cryptographic key 
number and an initial value of a chaotic function 
for each cryptographic key, the cryptographic 
key number and the initial value being made to 
correspond to each other; and 
a transmission unit for reading out the initial value
corresponding to the cryptographic key
number from the initial value table to transmit 
the initial value to the cryptographic key when 
the cryptographic key is attached to the exter- 
nal device, and 

the cryptographic key includes: 

a memory for storing the initial value from 
the external device; and 
a pseudo random number generator for 
generating a pseudo random number of a 
chaotic time series based on the initial val- 
ue stored in the memory, a data size of data 
and the chaotic function. 

15. The cryptographic key management device according
to claim 14,

wherein the external device includes: 

an input unit for receiving the cryptographic key
number and the initial value for each crypto- 
graphic key; and 

a storage control unit for allowing the initial value
table to store the cryptographic key number
and the initial value for each cryptographic key, 
the cryptographic key number and the initial 
value being inputted from the input unit. 

16. A decryption device for decrypting cryptographic 
data by use of a cryptographic key constituted to be 
freely attachable and detachable to/from an external
device,

wherein the external device includes: 

a cryptographic file storing the cryptographic 
data and a group password inherent in a plural- 
ity of users capable of using the cryptographic 
data; 

a transmission unit for transmitting the group 
password and a data size of the cryptographic 
data to the cryptographic key when an inputted 
password coincides with the group password 
stored in the cryptographic file; and 
a decryption unit for decrypting the crypto- 
graphic data in the cryptographic file by use of 
a cipher key from the cryptographic key, and 
the cryptographic key includes: 

a pseudo random number generator for 
generating a pseudo random number of a 
chaotic time series based on the data size 
of the cryptographic data from the external 
device, a chaotic function and the group 
password as an initial value of the chaotic 
function; and 

a transmission/reception control unit for receiving
the group password and the data
size of the cryptographic data from the ex- 
ternal device, and for transmitting the 
pseudo random number of the chaotic time 
series as the cipher key to the external de- 
vice, the pseudo random number being 
generated in the pseudo random number 
generator. 

17. The decryption device according to claim 16,

wherein the external device further includes: 

a determination unit for determining whether or 
not group mode information for indicating that 
the plurality of users can use the cryptographic 
data is in the cryptographic file; and 
a request unit for requesting input of the pass- 
word when the group mode information is in the 
cryptographic file. 